Posts

Showing posts from December, 2005

How to Hack AOL,HOTMAIL and YAHOO

We often hear people claim that they have lost their passwords because they have been hacked and now need to get their password back. Here I am giving a few techniques. All these techniques are illegal and can be called phishing.

THE HOAX

Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage). If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.

: : : (([[THIS REALLY WORKS ]])) : : :

(1) Send an e-mail to passwordrecovery@yourdomainhere.com
(2) In the subject box type the screenname of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to "high" (red ! in some mail programs)
(5) Wait 2-3 minutes and check your mail
(6) ...

New Sophisticated Security Threats From VoIP

A new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats, such as caller ID spoofing, voice modifiers, SPIT (voicemail SPAM) and packet injections. With VoIP now poised to hit the business market in a big way, the ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identity theft and loss of sensitive information.

With a combination of caller ID spoofing and freely available voice modification software, it is relatively easy to pose convincingly as someone else, similar to web site spoofing and phishing. But the ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet. SPIT (spam over internet telephony) could become a huge problem for companies. This could range from staff wasting time cl...

First Exploit in Firefox 1.5 discovered

Security experts with Packet Storm have published proof of concept code that exploits an unpatched flaw in the Firefox 1.5 browser, making the application vulnerable to a denial of service attack. The code marks the first publicly disclosed security vulnerability in Firefox 1.5 since it became available late November.

The published code will add a large entry to the history.dat file of the browser, causing the application to crash the next time it is launched, or to freeze. Users can fix the problem by manually erasing the file. Another option is to change the browser setting to disable the saving of history data by setting the days of saved history to zero or increasing the privacy control.

While the proof of concept code is relatively harmless, the flaw could be exploited to install malware, said John Bambenek, a researcher with the University of Illinois at Urbana-Champaign and volunteer at the SANS Internet Storm Center. "Presumably, if the topi...

Bruteforce Password Cracking

A very elemental intrusion technique is bruteforce password guessing with a wordlist. This is very easy to do and I'd like to specifically explain how to crack simple, online websites. The basic principles are very transportable and we'll examine a couple more uses for them. We'll use the wonderful language, ruby, for our implementation.

To begin, you need a wordlist file. Find yourself some wordlist files at ftp://ftp.cerias.purdue.edu/pub/dict/wordlists and ftp://ftp.ox.ac.uk/pub/wordlists/. These will provide you with words that might be used as passwords. For example, ftp://ftp.ox.ac.uk/pub/wordlists/computer/common-passwords.txt.Z contains a list of some 800+ commonly used passwords. You can join them with a "cat file1 >> file2" or "ruby -e 'File.open("file1", "a").write(File.open("file2", "r").read)'", substituting whatever your files' names are for file1 and file2. Now you want...

Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information

Article at ... http://www.hacker.co.il/security/ie/css_import.html

Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information

Overview

It was bound to happen. I was recently intrigued by the possibility of utilizing Google Desktop for remote data retrieval of personal user data (such as credit cards and passwords) through the use of a malicious web page. Now, thanks to a severe design flaw in Internet Explorer, I managed to show it's possible to covertly run searches on visitors to a web site by exploiting this vulnerability. In this article I will detail what the vulnerability in IE is and how it is used to exploit Google Desktop. If you have IE 6 and Google Desktop v2 installed you can test it for yourself in my proof of concept page.

Detailed analysis

Normally, browsers impose strong restrictions for cross domain interaction through the web browser. A certain web page can make a user browse to a different domain. However, it may not read the ...

Places that viruses and trojans hide on start up

By ShaolinTiger

The following article was written by ShaolinTiger, Administrator of:

1. START-UP FOLDER. Windows opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu. Notice that I did not say that Windows "runs" every program that is represented in the Start Up folder. I said it "opens every item." There's an important difference. Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up ...